This job has expired

Staff Product Security Analyst

Employer
GE Aviation
Location
Cheltenham, United Kingdom
Salary
Competitive
Closing date
28 May 2019

Clearance Level
SC, None / Undisclosed
Sector
Aerospace
Job Type
Permanent

Business:
    GE Aviation
Function:
    Digital Technology
Role Summary/Purpose:
    As a member of GE Aviation's Product Cyber Team, you will collaborate with development teams around the world to drive threat modeling exercises, lead security-focused architecture and code reviews, oversee security tests, and validate security designs across numerous Aviation products, which may include embedded and web-based products and services.
Essential Responsibilities:
  • Coach product development teams on secure design principles, development practices, and application hardening.
  • Perform Threat Modeling and Architecture Risk Analysis on software/firmware products.
  • Perform Security Code Reviews, Vulnerability Analysis and research on application code.
  • Coach and mentor developers to write and implement cryptography (PKI, Code Signing, etc.).
  • Guide developers to write secure code and implement secure engineering practices.
  • Provide response for security related incidents reported for software products.
  • Engage subject matter experts in successful transfer of complex domain knowledge.
  • Provide guidance and advice on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.
  • Audit and exploit applications and systems under development to expose vulnerabilities, and demonstrate possible fixes. Analyze and validate completed security improvements and CVE patches.
Qualifications/Requirements:
    Basic Qualifications
  • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering) or equivalent
  • Broad experience in cyber security and/or software development
    Eligibility Requirements
  • Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, non-EU/EEA candidates may not be appointed to a post if a suitably qualified, experienced and skilled EU/EEA candidate is available to take up the post, as the employing body is unlikely, in these circumstances, to satisfy the Resident Labour Market Test. For further information please visit the UK Border Agency website
  • Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of national security. Please see the link below for further details regarding the requirements for BPSS clearance: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61212/hmg-personnel-security-controls.pdf
Desired Characteristics:
  • Proficiency in at least one programming language (Java, Node.JS, Python, or C/C++).
  • Experience conducting static code reviews and applying security auditing and/or penetration testing principles and tools.
  • Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls.
  • Knowledge of Federated security architecture, flows, and standards (SAML, OpenID Connect, and JSON Web Token (JWT)).
  • Experience securing applications within cloud platforms such as AWS, Azure, CloudFoundry, etc.
  • Knowledge of CI/CD and automation tools (Chef, Git, Jenkins, etc.).
  • Knowledge of secure architecture and design principles.
  • Experience with application and protocol fuzzing.
  • Knowledge of Risk Controls frameworks and procedures (NIST 800-53, DFARS, etc.).
  • Knowledge of API security architecture and common authentication technologies (OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML) preferred.
  • Solid understanding of computer architecture, especially the hardware components, software stack and protocols.
  • Experience in security technologies like TXT, TPM, TrustZone, etc. This could overlap with experience in embedded systems.
  • Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography, etc.).
  • Knowledge of Network stacks and technologies.
  • Experience using debuggers/gdb, static analysis, dynamic analysis, and root-cause analysis.